scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-10-29 17:52:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

Remove incorrect alerts and fix typo in table (#23531)

Browse Source
This commit is contained in:
Sarah Chavis
2023-10-05 12:41:49 -07:00
committed by GitHub
parent 556305b573
commit a58a6f19ea
31 changed files with 8 additions and 157 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
website/content/api-docs/system/audit-hash.mdx
View File

@@ -8,14 +8,14 @@ description: |-
# `/sys/audit-hash`
@include 'alerts/restricted-admin.mdx'
The `/sys/audit-hash` endpoint is used to calculate the hash of the data used by
an audit device's hash function and salt. This can be used to search audit logs
for a hashed value when the original value is known.
## Calculate hash
@include 'alerts/restricted-admin.mdx'
This endpoint hashes the given input data with the specified audit device's
hash function and salt. This endpoint can be used to discover whether a given
plaintext string (the `input` parameter) appears in the audit log in obfuscated

12
website/content/api-docs/system/auth.mdx
View File

@@ -12,8 +12,6 @@ token which can be used for all future requests.
## List auth methods
@include 'alerts/restricted-admin.mdx'
This endpoint lists all enabled auth methods.
| Method | Path |
@@ -83,8 +81,6 @@ $ curl \
## Enable auth method
@include 'alerts/restricted-admin.mdx'
This endpoint enables a new auth method. After enabling, the auth method can
be accessed and configured via the auth path specified as part of the URL. This
auth path will be nested under the `auth` prefix.
@@ -186,8 +182,6 @@ $ curl \
## Read auth method configuration
@include 'alerts/restricted-admin.mdx'
This endpoints returns the configuration of the auth method at the given path.
| Method | Path |
@@ -237,8 +231,6 @@ $ curl \
## Disable auth method
@include 'alerts/restricted-admin.mdx'
This endpoint disables the auth method at the given auth path.
- **`sudo` required**  This endpoint requires `sudo` capability in addition to
@@ -264,8 +256,6 @@ $ curl \
## Read auth method tuning
@include 'alerts/restricted-admin.mdx'
- This endpoint reads the given auth path's configuration. This endpoint requires
`sudo` capability on the final path, but the same functionality can be achieved
without `sudo` via `sys/mounts/auth/[auth-path]/tune`._
@@ -303,8 +293,6 @@ $ curl \
## Tune auth method
@include 'alerts/restricted-admin.mdx'
Tune configuration parameters for a given auth path. _This endpoint
requires `sudo` capability on the final path, but the same functionality
can be achieved without `sudo` via `sys/mounts/auth/[auth-path]/tune`._

2
website/content/api-docs/system/capabilities-self.mdx
View File

@@ -16,8 +16,6 @@ memberships.
## Query self capabilities
@include 'alerts/restricted-admin.mdx'
This endpoint returns the capabilities of client token on the given paths. The
client token is the Vault token with which this API call is made. Multiple
paths are taken in at once and the capabilities of the token for each path is

2
website/content/api-docs/system/capabilities.mdx
View File

@@ -15,8 +15,6 @@ through the entity and entity's group memberships.
## Query token capabilities
@include 'alerts/restricted-admin.mdx'
This endpoint returns the list of capabilities of a given token on the given
paths. Multiple paths are taken in at once and the capabilities of the token
for each path is returned. For backwards compatibility, if a single path is

6
website/content/api-docs/system/config-control-group.mdx
View File

@@ -13,8 +13,6 @@ settings.
## Read control group settings
@include 'alerts/restricted-admin.mdx'
This endpoint returns the current Control Group configuration.
| Method | Path |
@@ -39,8 +37,6 @@ $ curl \
## Configure control group settings
@include 'alerts/restricted-admin.mdx'
This endpoint allows configuring control groups.
| Method | Path |
@@ -71,8 +67,6 @@ $ curl \
## Delete control group settings
@include 'alerts/restricted-admin.mdx'
This endpoint removes any control group configuration.
| Method | Path |

3
website/content/api-docs/system/control-group.mdx
View File

@@ -7,7 +7,6 @@ description: The '/sys/control-group' endpoint handles the Control Group workflo
## Authorize control group request
@include 'alerts/enterprise-and-hcp-plus.mdx'
@include 'alerts/restricted-admin.mdx'
This endpoint authorizes a control group request.
@@ -49,8 +48,6 @@ $ curl \
## Check control group request status
@include 'alerts/restricted-admin.mdx'
This endpoint checks the status of a control group request.
| Method | Path |

2
website/content/api-docs/system/ha-status.mdx
View File

@@ -11,8 +11,6 @@ It lists the active node and the peers that it's heard from since it became acti
## HA status
@include 'alerts/restricted-admin.mdx'
This endpoint returns the HA status of the Vault cluster.
| Method | Path |

2
website/content/api-docs/system/internal-specs-openapi.mdx
View File

@@ -25,8 +25,6 @@ structure, and other endpoints will be modified incrementally.
## Get OpenAPI document
@include 'alerts/restricted-admin.mdx'
This endpoint returns a single OpenAPI document describing all paths visible to the requester.
| Method | Path |

2
website/content/api-docs/system/internal-ui-feature.mdx
View File

@@ -16,8 +16,6 @@ guarantee on backwards compatibility for this endpoint.
## Get enabled feature flags
@include 'alerts/restricted-admin.mdx'
This endpoint lists the enabled feature flags relevant to the UI.
| Method | Path |

4
website/content/api-docs/system/internal-ui-mounts.mdx
View File

@@ -22,8 +22,6 @@ compatibility for this endpoint.
## Get available visible mounts
@include 'alerts/restricted-admin.mdx'
This endpoint lists all enabled auth methods.
| Method | Path |
@@ -61,8 +59,6 @@ $ curl \
## Get single mount details
@include 'alerts/restricted-admin.mdx'
This endpoint lists details for a specific mount path. This is an
authenticated endpoint, and is currently only being used internally.

2
website/content/api-docs/system/internal-ui-resultant-acl.mdx
View File

@@ -15,8 +15,6 @@ intended usage, there is no guarantee on backwards compatibility for this endpoi
## Get resultant-acl
@include 'alerts/restricted-admin.mdx'
This endpoint lists the resultant-acl relevant to the UI.
| Method | Path |

2
website/content/api-docs/system/leader.mdx
View File

@@ -13,8 +13,6 @@ current leader of Vault.
## Read leader status
@include 'alerts/restricted-admin.mdx'
This endpoint returns the high availability status and current leader instance
of Vault.

18
website/content/api-docs/system/leases.mdx
View File

@@ -10,8 +10,6 @@ The `/sys/leases` endpoints are used to view and manage leases in Vault.
## Read lease
@include 'alerts/restricted-admin.mdx'
This endpoint retrieve lease metadata.
| Method | Path |
@@ -55,8 +53,6 @@ $ curl \
## List leases
@include 'alerts/restricted-admin.mdx'
This endpoint returns a list of lease ids.
**This endpoint requires 'sudo' capability.**
@@ -86,8 +82,6 @@ $ curl \
## Renew lease
@include 'alerts/restricted-admin.mdx'
This endpoint renews a lease, requesting to extend the lease. Token leases
cannot be renewed using this endpoint, use instead the auth/token/renew endpoint.
@@ -136,8 +130,6 @@ $ curl \
## Revoke lease
@include 'alerts/restricted-admin.mdx'
This endpoint revokes a lease immediately.
| Method | Path |
@@ -174,8 +166,6 @@ $ curl \
## Revoke force
@include 'alerts/restricted-admin.mdx'
This endpoint revokes all secrets or tokens generated under a given prefix
immediately. Unlike `/sys/leases/revoke-prefix`, this path ignores backend errors
encountered during revocation. This is _potentially very dangerous_ and should
@@ -208,8 +198,6 @@ $ curl \
## Revoke prefix
@include 'alerts/restricted-admin.mdx'
This endpoint revokes all secrets (via a lease ID prefix) or tokens (via the
tokens' path property) generated under a given prefix immediately. This requires
`sudo` capability and access to it should be tightly controlled as it can be
@@ -240,8 +228,6 @@ $ curl \
## Tidy leases
@include 'alerts/restricted-admin.mdx'
This endpoint cleans up the dangling storage entries for leases: for each lease
entry in storage, Vault will verify that it has an associated valid non-expired
token in storage, and if not, the lease will be revoked.
@@ -265,8 +251,6 @@ $ curl \
## Lease counts
@include 'alerts/restricted-admin.mdx'
This endpoint returns the total count of a `type` of lease, as well as a count
per mount point. Note that it currently only supports type "irrevocable".
@@ -297,8 +281,6 @@ $ curl \
## Leases list
@include 'alerts/restricted-admin.mdx'
This endpoint returns the total count of a `type` of lease, as well as a list
of leases per mount point. Note that it currently only supports type
"irrevocable".

2
website/content/api-docs/system/license.mdx
View File

@@ -15,8 +15,6 @@ Vault.
## License status
@include 'alerts/restricted-admin.mdx'
This endpoint returns information about licensing. See [license autoloading](/vault/docs/enterprise/license/autoloading) for additional background.
In the response:

4
website/content/api-docs/system/monitor.mdx
View File

@@ -6,6 +6,8 @@ description: The `/sys/monitor` endpoint is used to receive streaming logs from
# `/sys/monitor`
@include 'alerts/restricted-admin.mdx'
The `/sys/monitor` endpoint is used to receive streaming logs from the Vault server.
If Vault is emitting log messages faster than a receiver can process them, then
@@ -13,8 +15,6 @@ some log lines will be dropped.
## Monitor system logs
@include 'alerts/restricted-admin.mdx'
This endpoint streams logs back to the client from Vault. Note that unlike most API endpoints in Vault, this one
does not return JSON by default. This will send back data in whatever log format Vault has been configured with. By
default, this is text.

12
website/content/api-docs/system/mounts.mdx
View File

@@ -10,8 +10,6 @@ The `/sys/mounts` endpoint is used to manage secrets engines in Vault.
## List mounted secrets engines
@include 'alerts/restricted-admin.mdx'
This endpoints lists all the mounted secrets engines.
| Method | Path |
@@ -121,8 +119,6 @@ are used by this backend.
## Enable secrets engine
@include 'alerts/restricted-admin.mdx'
This endpoint enables a new secrets engine at the given path.
| Method | Path |
@@ -219,8 +215,6 @@ $ curl \
## Disable secrets engine
@include 'alerts/restricted-admin.mdx'
This endpoint disables the mount point specified in the URL.
| Method | Path | |
@@ -255,8 +249,6 @@ in dangling credentials. This is meant for extreme circumstances.
## Get the configuration of a secret engine
@include 'alerts/restricted-admin.mdx'
This endpoint returns the configuration of a specific secret engine.
| Method | Path |
@@ -318,8 +310,6 @@ $ curl \
## Read mount configuration
@include 'alerts/restricted-admin.mdx'
This endpoint reads the given mount's configuration. Unlike the `mounts`
endpoint, this will return the current time in seconds for each TTL, which may
be the system default or a mount-specific value.
@@ -348,8 +338,6 @@ $ curl \
## Tune mount configuration
@include 'alerts/restricted-admin.mdx'
This endpoint tunes configuration parameters for a given mount point.
| Method | Path |

10
website/content/api-docs/system/plugins-catalog.mdx
View File

@@ -12,8 +12,6 @@ once registered backends can use the plugin by querying the catalog.
## LIST plugins
@include 'alerts/restricted-admin.mdx'
This endpoint lists the plugins in the catalog by type.
| Method | Path |
@@ -95,8 +93,6 @@ $ curl \
## LIST plugins
@include 'alerts/restricted-admin.mdx'
This endpoint lists the plugins in the catalog by type.
| Method | Path |
@@ -132,8 +128,6 @@ $ curl \
## Register plugin
@include 'alerts/restricted-admin.mdx'
This endpoint registers a new plugin, or updates an existing one with the
supplied name.
@@ -210,8 +204,6 @@ $ curl \
## Read plugin
@include 'alerts/restricted-admin.mdx'
This endpoint returns the configuration data for the plugin with the given name.
- **`sudo` required**  This endpoint requires `sudo` capability in addition to
@@ -260,8 +252,6 @@ $ curl \
## Remove plugin from catalog
@include 'alerts/restricted-admin.mdx'
This endpoint removes the plugin with the given name.
- **`sudo` required**  This endpoint requires `sudo` capability in addition to

2
website/content/api-docs/system/plugins-reload-backend.mdx
View File

@@ -13,8 +13,6 @@ provided, all mounted paths that use that plugin backend will be reloaded.
## Reload plugins
@include 'alerts/restricted-admin.mdx'
This endpoint reloads mounted plugin backends.
| Method | Path - |

10
website/content/api-docs/system/policies-password.mdx
View File

@@ -18,8 +18,6 @@ as well as the syntax of the policies themselves.
## Create/Update password policy
@include 'alerts/restricted-admin.mdx'
This endpoint adds a new or updates an existing password policy. Once a policy is updated,
it takes effect immediately to all associated secret engines.
@@ -81,8 +79,6 @@ $ vault write sys/policies/password/my-policy policy=@my-policy.hcl
## List password policies
@include 'alerts/restricted-admin.mdx'
This endpoints list the password policies.
| Method | Path |
@@ -120,8 +116,6 @@ $ curl \
## Read password policy
@include 'alerts/restricted-admin.mdx'
This endpoint retrieves information about the named password policy.
| Method | Path |
@@ -151,8 +145,6 @@ $ curl \
## Delete password policy
@include 'alerts/restricted-admin.mdx'
This endpoint deletes the password policy with the given name. This does not check if any
secret engines are using it prior to deletion, so you should ensure that any engines that
are utilizing this password policy are changed to a different policy (or to that engines'
@@ -178,8 +170,6 @@ $ curl \
## Generate password from password policy
@include 'alerts/restricted-admin.mdx'
This endpoint generates a password from the specified existing password policy.
| Method | Path |

24
website/content/api-docs/system/policies.mdx
View File

@@ -18,8 +18,6 @@ Vault Open Source or basic Vault Enterprise installations.
## List ACL policies
@include 'alerts/restricted-admin.mdx'
This endpoint lists all configured ACL policies.
| Method | Path |
@@ -44,8 +42,6 @@ $ curl \
## Read ACL policy
@include 'alerts/restricted-admin.mdx'
This endpoint retrieves information about the named ACL policy.
| Method | Path |
@@ -76,8 +72,6 @@ $ curl \
## Create/Update ACL policy
@include 'alerts/restricted-admin.mdx'
This endpoint adds a new or updates an existing ACL policy. Once a policy is
updated, it takes effect immediately to all associated users.
@@ -113,8 +107,6 @@ $ curl \
## Delete ACL policy
@include 'alerts/restricted-admin.mdx'
This endpoint deletes the ACL policy with the given name. This will immediately
affect all users associated with this policy. (A deleted policy set on a token
acts as an empty policy.)
@@ -139,8 +131,6 @@ $ curl \
## List RGP policies
@include 'alerts/restricted-admin.mdx'
This endpoint lists all configured RGP policies.
| Method | Path |
@@ -165,8 +155,6 @@ $ curl \
## Read RGP policy
@include 'alerts/restricted-admin.mdx'
This endpoint retrieves information about the named RGP policy.
| Method | Path |
@@ -198,8 +186,6 @@ $ curl \
## Create/Update RGP policy
@include 'alerts/restricted-admin.mdx'
This endpoint adds a new or updates an existing RGP policy. Once a policy is
updated, it takes effect immediately to all associated users.
@@ -240,8 +226,6 @@ $ curl \
## Delete RGP policy
@include 'alerts/restricted-admin.mdx'
This endpoint deletes the RGP policy with the given name. This will immediately
affect all users associated with this policy. (A deleted policy set on a token
acts as an empty policy.)
@@ -266,8 +250,6 @@ $ curl \
## List EGP policies
@include 'alerts/restricted-admin.mdx'
This endpoint lists all configured EGP policies. Since EGP policies act on a
path, this endpoint returns two identifiers:
@@ -298,8 +280,6 @@ $ curl \
## Read EGP policy
@include 'alerts/restricted-admin.mdx'
This endpoint retrieves information about the named EGP policy.
| Method | Path |
@@ -332,8 +312,6 @@ $ curl \
## Create/Update EGP policy
@include 'alerts/restricted-admin.mdx'
This endpoint adds a new or updates an existing EGP policy. Once a policy is
updated, it takes effect immediately to all associated users.
@@ -380,8 +358,6 @@ $ curl \
## Delete EGP policy
@include 'alerts/restricted-admin.mdx'
This endpoint deletes the EGP policy with the given name from all paths on which it was configured.
| Method | Path |

8
website/content/api-docs/system/policy.mdx
View File

@@ -10,8 +10,6 @@ The `/sys/policy` endpoint is used to manage ACL policies in Vault.
## List policies
@include 'alerts/restricted-admin.mdx'
This endpoint lists all configured policies.
| Method | Path |
@@ -36,8 +34,6 @@ $ curl \
## Read policy
@include 'alerts/restricted-admin.mdx'
This endpoint retrieve the policy body for the named policy.
| Method | Path |
@@ -68,8 +64,6 @@ $ curl \
## Create/Update policy
@include 'alerts/restricted-admin.mdx'
This endpoint adds a new or updates an existing policy. Once a policy is
updated, it takes effect immediately to all associated users.
@@ -104,8 +98,6 @@ $ curl \
## Delete policy
@include 'alerts/restricted-admin.mdx'
This endpoint deletes the policy with the given name. This will immediately
affect all users associated with this policy.

4
website/content/api-docs/system/remount.mdx
View File

@@ -12,8 +12,6 @@ The Remount documentation details the endpoints required to trigger and monitor
## Move backend
@include 'alerts/restricted-admin.mdx'
The `/sys/remount` endpoint moves an already-mounted backend to a new mount point. Remounting works for both secret
engines and auth methods.
@@ -85,8 +83,6 @@ $ curl \
## Monitor migration status
@include 'alerts/restricted-admin.mdx'
This endpoint is used to monitor the status of a mount migration operation, using the ID returned in the response
of the `sys/remount` call. The response contains the passed-in ID, the source and target mounts, and a status field
that displays `in-progress`, `success` or `failure`.

2
website/content/api-docs/system/seal-status.mdx
View File

@@ -10,8 +10,6 @@ The `/sys/seal-status` endpoint is used to check the seal status of a Vault.
## Seal status
@include 'alerts/restricted-admin.mdx'
This endpoint returns the seal status of the Vault. This is an unauthenticated
endpoint.

4
website/content/api-docs/system/tools.mdx
View File

@@ -10,8 +10,6 @@ The `/sys/tools` endpoints are a general set of tools.
## Generate random bytes
@include 'alerts/restricted-admin.mdx'
This endpoint returns high-quality random bytes of the specified length.
| Method | Path |
@@ -61,8 +59,6 @@ $ curl \
## Hash data
@include 'alerts/restricted-admin.mdx'
This endpoint returns the cryptographic hash of given data using the specified
algorithm.

4
website/content/api-docs/system/user-lockout.mdx
View File

@@ -12,8 +12,6 @@ Refer to the [user lockout](/vault/docs/concepts/user-lockout) overview for more
## List locked users
@include 'alerts/restricted-admin.mdx'
The list endpoint returns information on the users currently locked by Vault.
The response will include all child namespaces of the namespace in which the
@@ -195,8 +193,6 @@ $ curl \
## Unlock user
@include 'alerts/restricted-admin.mdx'
The unlock user endpoint frees a locked user with the provided `mount_accessor` and `alias_identifier` in the given namespace.
The unlock command is idempotent. Calls to the endpoint succeed even if the user matching the provided `mount_accessor` and `alias_identifier` is not currently locked.

2
website/content/api-docs/system/version-history.mdx
View File

@@ -13,8 +13,6 @@ The `/sys/version-history` endpoint is used to retrieve the version history of a
## Read version history
@include 'alerts/restricted-admin.mdx'
This endpoint returns the version history of the Vault. The response will contain the following keys:
- `keys`: a list of installed versions in chronological order based on the time installed

2
website/content/api-docs/system/wrapping-lookup.mdx
View File

@@ -10,8 +10,6 @@ The `/sys/wrapping/lookup` endpoint returns wrapping token properties.
## Wrapping lookup
@include 'alerts/restricted-admin.mdx'
This endpoint looks up wrapping properties for the given token.
| Method | Path |

2
website/content/api-docs/system/wrapping-rewrap.mdx
View File

@@ -13,8 +13,6 @@ refresh its TTL.
## Wrapping rewrap
@include 'alerts/restricted-admin.mdx'
This endpoint rewraps a response-wrapped token. The new token will use the same
creation TTL as the original token and contain the same response. The old token
will be invalidated. This can be used for long-term storage of a secret in a

2
website/content/api-docs/system/wrapping-unwrap.mdx
View File

@@ -10,8 +10,6 @@ The `/sys/wrapping/unwrap` endpoint unwraps a wrapped response.
## Wrapping unwrap
@include 'alerts/restricted-admin.mdx'
This endpoint returns the original response inside the given wrapping token.
Unlike simply reading `cubbyhole/response` (which is deprecated), this endpoint
provides additional validation checks on the token, returns the original value

2
website/content/api-docs/system/wrapping-wrap.mdx
View File

@@ -13,8 +13,6 @@ token.
## Wrapping wrap
@include 'alerts/restricted-admin.mdx'
This endpoint wraps the given user-supplied data inside a response-wrapped
token.

8
website/content/partials/api/restricted-endpoints.mdx
View File

@@ -44,10 +44,10 @@ API path | Root | Admin
`/sys/replication/dr/secondary/*` | YES | NO
`/sys/replication/performance/primary/*` | YES | NO
`/sys/replication/performance/secondary/*` | YES | NO
`sys/replication/recover | YES | NO
`sys/replication/reindex | YES | NO
`sys/replication/status | YES | NO
`sys/replication/merkle-check | YES | NO
`sys/replication/recover` | YES | NO
`sys/replication/reindex` | YES | NO
`sys/replication/status` | YES | NO
`sys/replication/merkle-check` | YES | NO
`sys/rotate/config` | YES | NO
`sys/rotate` | YES | NO
`sys/seal` | YES | NO